State security server open: Serious data leak at Brandenburg police force
Serious IT security breach at the Brandenburg State Criminal Police Office: A state security server with secret documents was probably publicly accessible.
(Image: Sergei Gutnikov CC BY-SA 3.0)
Brandenburg is struggling with a massive data leak. A server belonging to the State Security Department of the State Criminal Police Office (LKA) was apparently publicly accessible for a long time. According to reports, it contained secret documents, investigation results and passwords, among other things. The serious IT security incident was discovered by a user by chance.
According to the Tagesspiegel newspaper, a citizen using a public police tip-off portal on the internet for witnesses to a fatal fire accessed what was actually a secret network memory of the state security service with a single click. The tip-off portal was connected to this. The IT-savvy discoverer then passed on his findings to the authorities.
Videos by heise
The Brandenburg police reported the security breach to the state data protection commissioner Dagmar Hartge and the Ministry of the Interior on September 20. "The incident is currently being assessed as a serious breach of data protection regulations and technical and organizational measures for the protection of personal data," says the Ministry of the Interior. The investigations are ongoing and the authority does not yet wish to comment on technical issues.
"Forgotten" hardware: no firewall, no updates
So far, it appears that the server connected to the information portal was operated by the police state security department for years. The server is said to have been neither checked nor approved by the internal security department. It is therefore questionable whether the system has received security updates. The computer was apparently still connected to the Internet, albeit without a firewall.
According to Tagesspiegel, the WLAN and a network memory with passwords for connections to a server of the Federal Criminal Police Office (BKA) were barely protected. According to the report, the BKA cut off data exchange with the LKA's state security service after the discovery out of concern that information could be intercepted.
According to the report, it quickly became clear to the police that it would have been easy for unauthorized persons to find the access page to the state security data network and possibly gain access to other computers. According to current knowledge, there are no concrete indications that data has been leaked or misused.
(ds)
